general1465•11h ago
This is kind of a pointless endeavor - what is preventing you from shimming the RAM sticks then?
DiabloD3•15h ago
There is no "PCIe vulnerability" unless you think someone is shimming your PCIe devices on the data lines physically inside the machine.
The only people who need to consider this are people who think a state actor is putting trash chips on data lines in their expansion cards and mainboards just to perform the shim... which, yeah, encrypting it is a pretty decent way of stopping this, they already do it for both in-flight and at-rest data on SAS and NVMe drives, this just expands it to also cover everything that flows over PCIe; ex: exfiltrating unencrypted data inside a datacenter that is being sent to/from the HTTPS endpoint gateway via the NIC's unencrypted PCIe lanes.